Category: Cyber Security

AI Security and Intelligence Services

The efforts of security and intelligence services to counter threats has led experts to consider using new concepts that are fast becoming part of our daily life such as artificial intelligence (AI) and machine learning as a defense to boost skills for countering cyber-attack.

Industry experts have always believed that AI will have a growing impact on cybersecurity technology thanks to its potential to improve threat detection. Believe however turned to reality when Alphabet launched a cybersecurity intelligence system designed to fight crime on a global scale back in January. If one ever needed proof of how AI-based solutions will improve existing technologies and drive greater efficacy and efficiency in the war against cybersecurity, Chronicle is it. Before we proceed to discuss their impact on cybersecurity, it is essential to first understand, from a technical standpoint, what is meant by artificial intelligence and machine learning.

What is Artificial Intelligence?

Artificial intelligence is an aspect of computer science that gives prominence to the creation of applications that engage in tasks that require mental processes of a high level such as memory organization, perceptual learning, and critical thinking.

In other words, artificial intelligence borders on the development of machines that work and react like humans by performing activities such as problem-solving, learning, planning, and speech recognition, among others.

What is Machine Learning?

Kris Lahiri, co-founder and chief security officer of Egnyte, in an article published on Forbes, defined machine learning (ML) as “a branch of artificial intelligence (AI) that refers to technologies that enable computers to learn and adapt through experience.”

How Will AI and ML Impact Cybersecurity?

With technologies advancing very quickly, the sophistication of hackers is fast emerging as a threat to internet security. Cybercriminals continue to develop new attack strategies meant to avoid existing security systems. This makes organizations act defensively rather than proactively. The difficulty in knowing precisely what attackers are planning makes it hard to take preventive measures.

As the level of sophistication across the entire global threat landscape continues to increase rapidly, security outfits must use advanced tools to get ahead of the threats before they do any damage. Given their sophistication and intelligence, it is believed that the use of AI and machine learning tools will enable companies to detect, investigate and remediate breaches faster.

This is because AI allows organizations to automate complex processes for detecting attacks and responding to breaches. And since AI and ML work hand-in-hand, AI can leverage ML capabilities to enhance its abilities and evolve. In this manner, AI security solutions powered by ML can rely on ML use data from previous attacks to react to newer and similar risks.

Tech professionals believe that the efficacy of this approach rests on the fact that hackers build on old threats. Therefore, by deploying AI and ML, new dangers can be detected more quickly and dealt with before they do any harm.

If anything can go wrong, it will most likely go wrong! Murphy’s Law sounds like an overly pessimistic philosophy, coated with a good layer of doom and gloom. Yet, for folks who lost all their Bitcoin in the infamous Mt. Gox hack, there’s not much that can be done when your cryptocurrencies become vulnerable to malicious intent.

If hackers steal your cryptocurrencies – you’ll probably never find them – even if you find them; the police, the government, courts can’t force them give it back to you – unless they choose to give it back. If they trick you into sending your cryptocurrencies to them, you can’t reverse or cancel the transaction. We are still living in the Wild West of cryptocurrencies and the onus falls on you to proactively take precautionary measures to protect your cryptocurrency funds. This piece provides a general overview of some security measures you can take to keep crypto coins safe.

Image Source: Business Insider

· Online wallets

For newbies stepping into the world of cryptocurrencies, online wallets are usually the first type of wallet that they encounter and use. If you buy your cryptocurrencies through an exchange, the wallet address they generate for you into which your tokens are deposited, is an online wallet. Some third-party non-exchanges also offer online wallet services. An online wallet allows you to access your coins from any internet enabled device because the data to your account is essentially stored on the cloud.

The danger with online wallets is that you are trusting someone else with the public and private keys to your tokens. If they are unscrupulous, they could corner your coins and use it for their own purposes. The fact that online wallets are internet-facing also makes them vulnerable to hacks – in the Mt. Gox hack, more than 500,000 BTC were stolen, more than $70M worth of Bitcoin was lost in the Bitfinex hack of 2016.

· Mobile Wallets

Mobile wallets are fundamentally more secure than online wallets, but they require a bit more involvement on your part than getting an auto-generated wallet address from an exchange. Mobile wallets are simple apps that run on your phone. Your cryptocurrencies are technically stored in the app as opposed to the centralized cloud storage that you get with an online wallet; hence, they are more protected from hacks. However, if you lose your phone or if the phone becomes inoperable, you can kiss your cryptocurrencies goodbye. If you download mobile wallets from untested sources, you could end up with a fake wallet with a backdoor breach.

· Desktop Wallets

Desktop wallets are a more robust version of mobile wallets – they have more space because computers tend to have more storage than mobile devices. Desktop wallets run on client applications on your computer; hence, you can only access your tokens from the computer. If the computer is not infected with malware or connected to the internet, it is practically impossible to steal your cryptocurrencies from a desktop wallet.

· Hardware Wallets

Hardware wallets are probably the best tool in the market for storing and keeping your cryptocurrencies safe from hackers. Hardware wallets lets you store the private keys to your cryptocurrencies on a hardware device different from your computer. You’ll need to connect the wallet to a computer to access your cryptocurrencies and send coins to counterparties; however, the wallet doesn’t need to be connected to a computer before you receive cryptocurrencies.

Trezor wallet for example, uses a combination of pin codes and a 24-word seed security mechanism. The most important thing about using a Trezor wallet is to write down the seed and keep it somewhere safe offline—don’t be tempted to store it in your mailbox or a notepad on your computer. The seed words come in handy for rebuilding your wallet even if your Trezor is lost, stolen, or damaged.

Source: Coindesk

· Paper Wallets

Paper wallets are designed to be a hacker- proof and secure method of cold storage. Paper wallets, when properly set up will give a lot of grief to anybody that wants to take on the practically impossible task of stealing your cryptocurrencies – the challenge however is that you will go through similar grief to access your cryptocurrencies. To set up a paper wallet, you’ll need to print your private keys or create QR codes of your keys and keep them in a safe, probably in a bank or similar location.

There have been increasing numbers of cyber attacks reported in recent years across all industries and it is costing the United States an absolute fortune in cyber security. Obama announced that $19 billion was to be dedicated to the ongoing fight against cyber criminals, highlighting the gravity of the threat it now poses to businesses and even households.

In 2016 there were widely reported attacks on PayPal, Twitter and Spotify to name a just a few of the big companies that have been targeted. The number of cyber attacks across the world is increasing and businesses are spending more and more money in deterring the crime.

Banking Sector Most at Risk

Of course, the banking sector is one of the industries that are most at risk, given the nature of the data that they hold. This means that banks have had to dedicate significant funds on developing their digital infrastructure to strengthen their cyber security. The banking world has long been seen as a very profitable industry and for many banks that still remains to be true. Investment banking experts like Fahad Al Rajaan demonstrate that the banking sector can still be a very effective way of making money. It is therefore vital that banks are protected from cyber-attacks.

Preventing Cyber Attacks

As well as spending more on software to reduce the chances of an attack, companies now spend more on resources dedicated to preventing cyber-attacks. This means that extra IT personnel are required, extra training for all staff and more resources allocated to analyzing their cyber security and performing risk assessments.It also means that more robust policies and processes must be introduced. This can vary from developing and delivering online training for staff to raise awareness about the risks of cyber security, to employing a whole team of experts to audit the processes. It is certainly becoming a very costly affair.

Cyber attacks not only cost businesses from the initial financial sting, they are also impacted by the reputational damage that the attacks can cause for years to come. If somebody feels that their money isn’t safe with a bank, then they are likely to close their account and go to another one that they feel will protect their money better. The more publicity that a cyber attack attracts, the higher the reputational damage will be.As mentioned before, the government is committed to driving down and eventually eradicating the threat of cyber attacks. Greater cyber security laws are being ratified and harder punishments will be a deterrent for many would-be cyber criminals.

Finding a Solution

It is unfortunate that such huge amounts of money are being spent on cyber crime, both by the government and by businesses. Until a solution is found, it looks like this trend will continue and the threat of cyber attacks will dominate how businesses setup their IT structures and policies.

The Crypto World

The cryptocurrency has taken the world by storm, as it has finally shaded its fringe idea reputation and is now among the most hotly sought-after commodities in the world. Due to the industry’s wild successes this year, which has seen the industry multiply over 10 times in value this year, people are trooping into the industry in their millions seeking to be part of this gold rush.

And although the ways of acquiring cryptocurrencies has become exceptionally simpler over the years with most exchanges now accepting credit card payments, there are a significant section of investors who don’t wish to pay the astronomical amounts cryptocurrencies such as Bitcoin are currently priced at. This naturally sends these groups of investors into the only other way of acquiring cryptocurrencies which is mining. And true to its rise, mining some of the more valuable cryptocurrencies is become more and more out of the reach private individuals, due to their capital and energy intensive nature.

But like every other obstacles there are solutions that have been made to circumvent them. Investor’s and cryptocurrency enthusiasts around the world now use what is known as cloud mining in order to still participate in the mining of their desired cryptocurrencies without having to make investments in the hundreds of thousands of dollars to set up industrial scale mining operations. Although there are a lot of cloud mining operations that are labeled as Ponzi schemes, but the industry is rapidly maturing and has some reputable and innovative ones like Miner Gate which seeks to take the cloud mining to new heights. Some of the great benefits that cloud mining offers the user include:

Simultaneous Mining

Most people who take on the mining industry by themselves do so by concentrating on a single cryptocurrency at a time to maximize the usability of their computing power (also known s hashing power). This is quite limiting as cloud mining operations offer the user the chance to maximize the use of their hashing power by mining for several cryptocurrencies at the same time which is also beneficial as far as spreading the miner’s risks are concerned.

Smart Mining Operations

To take this great innovation to another level, cloud mining service providers such as Miner Gate have another cool feature up their sleeve where by the users’ mining rig automatically focuses on mining the cryptocurrency with the most value among the multiple mining options offered. This is done by calculating the value of the cryptocurrency against the power needed to mine it. Users are of course not forced to use this feature as they can switch it off at any time of their choosing.

Small Scale Profitability

Cryptocurrency mining operations especially that of Bitcoin have the reputation of being too expensive and often small scale mining operations tend to make heavy losses as the cost of maintaining the mine is significantly higher than the reward obtained at the end of the day. And this is where Cloud Mining pools work their magic for potential miners, as they allow multiple small scale mining operations to pool their resources and mine as a single entity. Any reward gotten at the end of the day is distributed among the participating miners according to the amount of hashing power they contributed to the operation.

There was a report by that the attackers had discovered an exposed backdoor in Telegram Messenger, this vulnerability helped the attackers unknown to the owners turn computers into cryptocurrency miners.

These clandestine crypto mining operations had been going on since March 2017 reported Kaspersky Labs, the company that discovered and exposed the cyber attacks. Kaspersky also said a zero-day vulnerability in the Telegram messenger desktop app gave the attackers the ability to create and spread a never before seen the type of malware that could create a backdoor Trojan and also mine cryptocurrency.

A Kaspersky lab analyst said they had found quite a number of possible actions of the zero-day exploitation which asides from being spyware and malware, could also send unknown and unseen software for mining cryptocurrency, and that infections like that had become a global phenomenon.

Here is a little insight into the operation of the Telegram vulnerability; there is a way the Telegram Windows client deals with the RLO (right-to-left override) Unicode character (U+202E), in that process lays the vulnerability. However, that RLO Unicode Character is how languages are written from right to left (like Hebrew or Arabic) are coded. Kaspersky’s report states that a hidden RLO Unicode Character contained in the file name that flipped how the characters were ordered, thereby giving the file a new name was how the malware creators got access to computers. Like in this example, an attacker names a file “IMG_high_re*U+202E*gnp.js” and sends to someone using the Telegram messenger, the file seen at the User’s end will be “IMG_high_resj.png” (notice how a flip has happened to the file format), the user then clicks on the file thinking it is a picture file, then a JavaScript file containing the malware would be secretly downloaded.

Founder of Telegram

However, the founder of the Telegram application did not waste time in deemphasizing the allegations. He is of the opinion that antivirus companies always do the most at stretching the severity of their results, just to excite the public, and as such, should not be taken seriously. He also rebuffed Kaspersky’s claim by explaining that what they uncovered was nothing near a vulnerability of the Telegram messaging app, and also that there was no way cybercriminals could gain access to users’ computers without the users opening something malicious. He further assured Telegram users that they were safe and had always been safe.

According to Kaspersky, Fantomcoin, Monero, Zcash and other cryptocurrencies were acquired, and according to the evidence they had, Russians were behind the malware, and also that it could be used as a backdoor for hackers to gain access and silent control of users’ computers. Records of a Telegram local cache which most likely was stolen from victims was found in the process of doing their analysis of malicious servers.

There have been increasing numbers of cyber attacks reported in recent years across all industries and it is costing the United States an absolute fortune in cyber security. Obama announced that $19 billion was to be dedicated to the ongoing fight against cyber criminals, highlighting the gravity of the threat it now poses to businesses and even households.

In 2016 there were widely reported attacks on PayPal, Twitter and Spotify to name a just a few of the big companies that have been targeted. The number of cyber attacks across the world is increasing and businesses are spending more and more money in deterring the crime.

Banking Sector Most at Risk

Of course, the banking sector is one of the industries that are most at risk, given the nature of the data that they hold. This means that banks have had to dedicate significant funds on developing their digital infrastructure to strengthen their cyber security. The banking world has long been seen as a very profitable industry and for many banks that still remains to be true. Investment banking experts like Fahad Al Rajaan demonstrate that the banking sector can still be a very effective way of making money. It is therefore vital that banks are protected from cyber-attacks.

Preventing Cyber Attacks

As well as spending more on software to reduce the chances of an attack, companies now spend more on resources dedicated to preventing cyber-attacks. This means that extra IT personnel are required, extra training for all staff and more resources allocated to analyzing their cyber security and performing risk assessments.It also means that more robust policies and processes must be introduced. This can vary from developing and delivering online training for staff to raise awareness about the risks of cyber security, to employing a whole team of experts to audit the processes. It is certainly becoming a very costly affair.

Cyber attacks not only cost businesses from the initial financial sting, they are also impacted by the reputational damage that the attacks can cause for years to come. If somebody feels that their money isn’t safe with a bank, then they are likely to close their account and go to another one that they feel will protect their money better. The more publicity that a cyber attack attracts, the higher the reputational damage will be.As mentioned before, the government is committed to driving down and eventually eradicating the threat of cyber attacks. Greater cyber security laws are being ratified and harder punishments will be a deterrent for many would-be cyber criminals.

Finding a Solution

It is unfortunate that such huge amounts of money are being spent on cyber crime, both by the government and by businesses. Until a solution is found, it looks like this trend will continue and the threat of cyber attacks will dominate how businesses setup their IT structures and policies.

Consumers and companies had a rude awakening recently. They’re all at risk of cyber attacks. One of the biggest cybersecurity developments recently was the WannaCry attack. Now, WannaCry is ransomware, which is a type of malware that blocks users access to their data until a ransom is paid to the hackers to regain access. On May 12, 2017, WannaCry began to infect Windows-based computers across the globe, primarily through phishing email scams and a worm feature in the ransomware.

The WannaCry attack spread to 150 countries, and targeted approximately 200,000 organizations. The WannaCry ransomware exploited a flaw in Microsoft’s Windows software, which was discovered by the U.S. National Security Agency and leaked by hacker. Although WannaCry affected millions of users and hundreds of thousands of organizations, it’s good news for the cyber security industry.

Highly Publicized Cyber Attack

Now, when there is a highly publicized cyber attack, it tends to be good news for cyber security companies, and stocks tend to rise off of this news. For example, Sophos Group PLC, which is a UK-based cyber security company, saw its stock rise over 7% and set a record high. This was primarily due to the company’s guidance raise.

In the event of a cyber security attack, traders price these events in, as this could mean more potential business for publicly-traded cybersecurity-related companies. In turn, this should drive revenues and earnings higher, which should cause cybersecurity companies’ stock prices to rise.

According to traderJason Bond,“We’ve seen cybersecurity stocks run higher following some cyber attacks on companies, such as the attacks on Yahoo, Target and Home Depot. The idea behind is this move is quite simple. When hackers attack companies or users, those companies and users may look to increase their defense against another attack. To defend against cyber attacks, these companies will look to leverage the technology of well-established cybersecurity firms.”

We saw this in some cybersecurity stocks, such as FireEye Inc (NASDAQ: FEYE), an enterprise cybersecurity company that provides products and services in an attempt to protect against cyber attacks and threats. After the news of the WannaCry attack was released, FEYE closed up over 5% that following day. Here’s a look at FEYE on the 15-minute chart, after it hit a high above $16.

Now, that wasn’t the only cybersecurity-related security that gained that day. Traders may use HACK as an investment vehicle to gain exposure to the overall industry, rather than just one cybersecurity-related company. The PureFunds ISE Cyber Security ETF ultimately closed up over 3% on the trading day following the WannaCry reports. The PureFunds ISE CyberSecurity ETF (NYSEARCA: HACK), the world’s first cybersecurity exchange-traded fund (ETF), shares also saw a rise following the WannaCry attack. The PureFunds ISE Cyber Security ETF offers investors away to gain exposure to the cybersecurity industry, and the fund is comprised of companies offering consulting, software, hardware and services to defend against cyber attacks.

Here’s a look at the ETF following the WannaCry reports, on the 15-minute chart.

A VPN, or Virtual Private Network, is a service allowing a company or indicudual.to connect directly to the internet via a server operated by a ultra high quality VPN PROVIDER. All data traveling between your phone computer, or even your tablet, and even the new glass screen hand held devices. and the “VPN SERVER” is securely encrypted.

Cyber Crimes, Hacking, Malware Attacks

With the increasing cases of ransom ware infections, cyber-crimes, hacking attempts and malware attacks happening today, increasing your privacy levels while online is crucial. Using an active Virtual Private Network will modify your virtual location and give you an extra security layer. Furthermore, it will give you access to blocked or restricted websites. Here are qualities to look for in the best VPN service.

Speed

Speed is one of the major aspects that separate the best VPNs from the ordinary ones. Nobody likes to deal with a slow connection, especially if you have a busy lifestyle. Go for a virtual private network that provides a fast and stable access. It is best to opt for VPNs that have different offer options so that you can always have the speed you need for different services.

Ease of use

You need a VPN that is easy to use and should not require tech expertise. You need to go for a service that offers you the protection that you need and does not compromise on user experience. Good VPNs should be hassle-free and intuitive to ensure that you do not waste your time on them. You should not bother with a VPN service that does not deliver within a few minutes.

Solid security

Various encryption protocols will deliver different security levels. You must determine the type of encryption that is used by the VPN service that you are considering. Most VPN providers will also use security measures such as firewalls, secure VPN nodes, security audits, dedicated servers, PCI compliance and more. Solid security is important because your privacy while online should be protected at all times. For excellent security, check out FastestVPNGuide’s website.

Different server locations

A good VPN service offers servers or IP addresses from different global locations. This is crucial, especially for users who need IP addresses for specific countries. For example, if you want to access content that is only available to US audience, then you will have to use a US IP address. You should ensure that your service provider allows for IP switches, especially if you want to use multiple IPs from several countries.

Tech Support

Knowing that your queries will be answered promptly and in detail is an important thing, particularly for those who are not experts in this field. You need a VPN service that will be there for you whenever you need assistance or are stuck. Readily-available and helpful customer service is crucial for any client. Go for companies that have a detailed FAQ segment and committed customer care representatives.

The pricing of VPN services should not be taken for granted. This is because there are tremendous price variations between various VPN service providers. When buying a VPN service, you should avoid the cheapest deals in the industry. This is because quality service is never cheap and you will get what you pay for. Take time to compare available VPN plans to choose one that fits your budget and has all the features that you need. With a little research, you will find the best VPN services that will protect your transactions and activities online.

Over the past few years, ransomware has become an enormous problem throughout the United States and abroad. It is also a unique problem that is far different from other types of computer viruses. Unlike other malicious software, ransomware is specifically designed with the intent of forcing the victim to hand over their money. On May the 12th, the world was hit with a cyber-attack unlike anything it had ever seen before. The primary weapon of the attack was the WannaCry ransomware. On the Friday of the attack, the nefarious software infected an estimated 230,000 computers in more than 150 countries.

Affected by These Attacks are Groups like The National Health Service in Britain

Of course, most onlookers were more surprised by the groups that fell victim to the attack. The National Health Service in Britain experienced major disruptions. Simultaneously, Deutsche Bahn, Telefonica and even FedEx became victims of the hackers. When these companies found out they have fallen prey to the hackers, they received a warning screen on their computers demanding ransom ranging in price from 300 to 600 dollars. All of the files on the computers were encrypted. While workarounds were eventually discovered, it was originally believed that paying the extortion money was the only way to obtain the decryption code to unlock their files.

A Lasting Impression left Behind.

While the WannaCry ransomware attack has ended, it has undeniably left a lasting impression behind. For starters, the vulnerability, which allowed hackers to install the malicious software on the victims’ computers, was previously identified and utilized by the United States National Security Agency. The NSA used the vulnerability to their advantage and did not alert Microsoft. A hacking collective, The Shadow Brokers, gained access to the NSA’s tools and documents late last year. Originally, the group attempted to auction off the tools used by the NSA. Microsoft became aware of the problem after leaks from the hacking group. This gave the technology company plenty of time to release patches, but obviously not everyone installed the patch in time.

The Impact

After the attack, Kaspersky Lab analyzed the impact and confirmed that Russia, India, Ukraine, and Taiwan were hit harder than other companies. However, the National Health Service were disrupted the most. Vape technology, tablets and smartphones were generally invulnerable to the attack. In fact, it only impacted older Windows computers that had not been upgraded to the Windows 10 operating system and the latest patch. While experts concur that the impact of the attack was relatively low, it could be a sign of things to come in the near future.

For instance, security experts agree that the results could be far direr had the attacked targeted something more dangerous, such as nuclear power plants or railway systems. At the end of the day, WannaCry might be finished, but it could easily return in the future. The Wall Street Journal and others believe the attack could be linked to North Korea. Whether or not that is true, one thing is certain. Cyber security firms will need to take steps to address these security risks and flaws as quickly as possible. Failing to do so could result in something far worse in the future.

In an age where technology is beginning to take over the world, security is becoming a huge factor. Security procedures are needing to adapt in order to ensure that people are continually protected at all times, whether that’s at the airport, online or visiting the hospital, and there are a number of new technologies that are being implemented in order to adapt and change security procedures. Here, we’re taking a look at how technology is changing security in a number of different sectors around the world.

Online Security

One of the biggest concerns that people have when it comes to going online is whether or not their personal details are able to be stolen. When it comes to filling out personal, financial details on sites like Wizzcash.com or other financial institutions, there is a lot of personal information that could be taken by hackers. However, new technologies like cloud-based systems and biometric scanners can help to ensure that a person’s identity is protected and personal data cannot be stolen without legitimate identification processes. While this is not in practice yet, with huge hacks around the world like the NHS ransomware attack, it is highly likely that stronger security measures will be put in place to protect data in mind.

Airport 3D Scanning Systems

In the US, a company called Analogic uses a 3D scanning system suited to scanning hold luggage, based on the idea of a CT scan. The concept behind this technology is to stop people from having to take out things like liquids and laptops from their hand luggage as it is able to be put through the scanner with any threats indicated quickly and officially. These scanning systems could one day also be rolled out on a larger scale, meaning countries all over the world won’t have to see toiletries being stuffed into plastic bags and left out to put on the trays separately.

Biometric Iris Scanners

The E-passport gates in some UK airports not only allow queues to be reduced in the airport when trying to get through passport control, but they also help to heighten security levels without the added hassle and stress. The rise in biometric iris scanners in airports mean that people who may swap their passport with someone they look similar to will get caught instantly, and the gates won’t open. Facial recognition technology is also slowly coming into play, meaning the airport is able to understand and monitor the profile of every traveler trying to go through the gates, further increasing security measures.

Patient Identification

One of the biggest issues behind patient identification is the lack of privacy and easily accessible documentation. Data isn’t quite as secure in healthcare as many people tend to think, but a number of new technologies are beginning to be introduced in order to reverse this. Biometric patient identification processes are just one example of how these types of processes can be improved, to ensure that data and patient identification documents remain as secure as possible. This will include strengthened security and compliance, locking medical records to ensure there are no mix-ups and also accurately identifying patients to prevent fraud and human error.